*Must be willing to work hybrid to start and travel as needed*
The Senior Director of Information Technology is the functional owner of the organization's technology platform, cybersecurity posture, regulatory technology compliance program, and the secure enablement of artificial intelligence across the enterprise. This leader is accountable for the secure, reliable, and scalable operation of all clinical, revenue cycle, and administrative systems across a multi-site healthcare environment. The role combines hands-on technical leadership with executive-level risk management—protecting protected health information (PHI), maintaining HIPAA and applicable state regulatory compliance, and serving as the technology partner for the organization's AI strategy and modern data initiatives.
This is a foundational leadership role for an executive who treats security and compliance as first-order obligations and who understands that responsibly scaling AI within a HIPAA-regulated healthcare organization is a critical capability for the future of healthcare operations.
Responsibilities
Security & Compliance (Primary Focus)
- Own the information security program end-to-end, including governance, policy development, controls, monitoring, incident response, and executive reporting.
AI Enablement, Security & Governance
- Serve as the executive technology partner for enterprise AI initiatives supporting clinical operations, revenue cycle functions, and administrative services.
- Build and operate the AI governance framework, including model inventories, approval processes, risk classification, acceptable use policies, and ongoing monitoring.
- Establish secure-by-default architecture standards for AI deployments, including enterprise LLM platforms, agentic tools, retrieval-augmented generation (RAG), and custom models, with safeguards for PHI.
- Implement data loss prevention (DLP), logging, content filtering, and monitoring controls for AI-enabled tools.
- Evaluate and select AI platform vendors with appropriate healthcare compliance standards, including BAAs, data retention controls, and security certifications.
- Define and enforce approved AI use cases, distinguishing workflows that may process PHI from those restricted to non-PHI or de-identified data.
- Implement technical controls for AI agents and automations, including credential management, audit logging, human oversight, and rollback procedures.
- Partner with Compliance and Legal teams on emerging AI-related regulatory requirements and risk management.
- Lead organization-wide AI security awareness and responsible use training.
- Establish secure data governance, access controls, lineage tracking, masking, and de-identification practices to support analytics and AI initiatives.
Infrastructure & Operations
- Own the full technology stack, including networks, endpoints, cloud and on-premises infrastructure, telephony, and end-user computing across multiple healthcare locations.
- Ensure high availability of clinical and operational systems and manage service levels with vendors and managed service providers.
- Lead IT service desk and field support functions using metrics-driven service management practices.
- Manage IT budgets, vendor contracts, software licensing, and technology investments, including AI-related platforms.
Applications & Data
- Partner with clinical and operational leaders on electronic health records (EHR), practice management, scheduling, and patient engagement systems.
- Partner with finance and revenue cycle leaders on billing, collections, payer integrations, and analytics platforms.
- Govern data architecture, integrations, master data management, and reporting infrastructure with AI readiness as a strategic priority.
- Maintain controls that enable business users to deploy AI-assisted workflows while preserving compliance, security, and audit requirements.
Leadership
- Build, mentor, and retain a high-performing IT, security, and governance team.
- Serve as a trusted advisor to executive leadership on technology strategy, cybersecurity, AI governance, and operational risk.
- Represent technology functions during audits, regulatory reviews, due diligence activities, and other external assessments.
- Maintain continuous HIPAA Privacy and Security Rule compliance, including administrative, physical, and technical safeguards.
- Manage applicable state and federal privacy and security obligations, including healthcare data privacy regulations and requirements relevant to healthcare operations.
- Lead the Business Associate Agreement (BAA) program, including vendor risk assessments, agreement execution, ongoing third-party monitoring, and audit rights management, with particular attention to AI and large language model vendors.
- Oversee identity and access management, least-privilege provisioning, multi-factor authentication, and periodic access reviews across clinical, administrative, and AI-enabled systems.
- Operate the security incident response program, including breach notification readiness under HIPAA and applicable state laws.
- Drive annual security risk assessments, remediation planning, and supporting documentation for audits and regulatory inquiries.
- Advance the security program toward recognized frameworks such as HITRUST CSF, NIST CSF, SOC 2, or equivalent.
- Maintain and test disaster recovery and business continuity programs covering clinical, operational, and revenue cycle systems.
Qualifications
- Bachelor's Degree in Computer Science, Information Systems, or a related field; advanced degree preferred.
- 12+ years of progressive IT leadership experience, including at least 5 years in a director-level or higher role within healthcare.
- Demonstrated ownership of a HIPAA-regulated healthcare environment, including responsibility for security risk assessments and remediation programs.
- Deep understanding of HIPAA Privacy and Security Rules and applicable healthcare privacy regulations.
- Experience implementing or maintaining recognized security frameworks such as HITRUST CSF, NIST CSF, SOC 2, or equivalent.
- Proven incident response leadership experience.
- Direct experience evaluating, deploying, and securing enterprise AI or large language model platforms within regulated healthcare or similarly regulated environments.
- Working knowledge of AI threat models, including prompt injection, training data leakage, model output risks, agent misuse, and vendor supply-chain risks.
- Experience supporting multi-site healthcare operations.
- Strong vendor management and BAA program experience.
- Excellent executive communication skills, including the ability to present technology, security, and AI-related risks to senior leadership and governing bodies.
Preferred Qualifications
- Experience within healthcare delivery organizations, physician groups, ambulatory care, specialty practices, or other healthcare settings.
- Professional certifications such as CISSP, CISM, HCISPP, or equivalent.
- Experience with AI governance frameworks, AI security programs, or responsible AI initiatives (e.g., IAPP AIGP, ISO/IEC 42001, NIST AI RMF).
- Experience designing controls for enterprise-scale AI deployments and agentic systems.
- Experience supporting revenue cycle operations and payer integrations.
- Experience supporting mergers and acquisitions, system integrations, or organizational growth initiatives.
Compensation & Benefits
- Competitive compensation package, including incentive opportunities.
- Comprehensive benefits program.
- Opportunity to lead enterprise-wide cybersecurity, compliance, AI governance, and technology modernization initiatives within a growing healthcare organization.
Pay: $175,000.00 - $195,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Employee assistance program
- Employee discount
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Professional development assistance
- Referral program
- Tuition reimbursement
- Vision insurance
Application Question(s):
- Do you live in the state of California or Arizona?
Work Location: Remote